Fighting Dirty Money and Bad Applicants
Our big joke in the software industry is our ability to generate acronyms. Personally I’ve had to navigate IAM, KBA, RPA, GDPR and a thousand others. And in a previous life in the security space, I dealt with a lot of ML’s. Before the advent of JSON, I worked with systems that transferred everything in XML, as in
<junk> here is a lot of junk </junk>
I accomplished cross-domain single-signon via SAML (Security Assertion Markup Language), a descendant of S2ML and AuthXML. I installed solutions that performed federated provisioning using SPML (Service Provisioning Markup Language). There was a CARML, an AAPML. Of course the web works on HTML, and in the old days it was SGML.
These days in the fraud and KYC business I deal with two other ML’s
The first is Money Laundering. It’s the process by which criminals cleanse their ill-gotten gains by running dirty money through seemingly legal enterprises, so it’s harder to trace, and appears legit to the authorities. In one of my favorite shows, Breaking Bad, meth money was made to appear like profits from a car wash.
To combat this practice, the government long ago passed laws for AML, or Anti-Money Laundering. These comprise laws and processes aimed at preventing perpetrators from turning dirty money into clean cash. Not everybody makes their money the right way. In my case, it’s speaking fees. I let people in for free, but I charge them to get out when they stampede for the exits. My speaking voice is Mostly Lousy.
AML’s scope is narrow, but the reach is long. Banks and other financial institutions are under the gun to ensure that their deposits are not fronts for that dirty money. They typically appoint officers or task other VPs with the job of guaranteeing, to the best of their ability, compliance with AML regulations. Large deposits of cash, for example, often get extra scrutiny. Meth dealers don’t usually take credit cards.
Not everybody who gets caught by AML laws is laundering drug money
Sometimes they’re trying to avoid taxes or bribes. Banks also usually have to inform their customers of these policies. Naturally, the bad guys say, “Uh, yeah, thanks. Here’s a bag of fifties to stick in an account. My Loot.”
How do you execute an AML program? Well, the easy way is to make everyone apply for a loan or a bank account by coming into the lobby. And even that’s no guarantee. But in this age, people increasingly apply for accounts online, even on their itty-bitty phone screens. But whether an application is performed digitally or in person, you still need to bounce their identity, real or otherwise, off your sources. In our case, we have three tiers of watchlist (WL!), examining adverse media, Politically Exposed Persons, sanctions and enforcement lists from around the globe.
The data we reference is regulated for GLBA and DPPA, and supports compliance with the US Patriot Act, OFAC, and the EU Money Laundering Directive. We can even tell if you’ve ever hijacked a plane. You may not have realized it, but this can keep you from getting a loan. I know, it’s crazy, right?
So this is how we defend against people who’ve been known to do bad stuff. But how about the people we aren’t sure about yet?
For those situations, in my current life I help customers fight fraud and avoid risk. A major tool used by our organization to do this is another ML, Machine Learning. It’s a powerful technique for ingesting extremely large data sets, for the purpose of building models that humans can’t build on their own. Even heuristic systems that try to mimic human judgment at greater speed and volume can’t keep up with completely automated learning.
We’re not the only organization that uses machine learning. But nobody else we know of does it at our scale. Our approach is not customer-centric; it’s industry-wide. That’s because we feed our models data from across a broad base of enterprises, a training set that is Mighty Large. We use millions of rows of data to build and perpetually retrain our models for recognizing the good applicants we help our customers automatically accept, and deflecting the risky ones. In other words, who should get a credit card, and who is More Likely to commit fraud. It ain’t cheap. But it makes us more accurate than any other solution. And that accuracy helps our customers avoid Massive Losses.
Machine Learning gets confused with Artificial Intelligence all the time. There’s a bit of merit to that. ML is usually the teacher of AI. It ingests relevant data and creates the basis for the actions of the AI agent. It’s the same for us. Our Machine Learning teaches our platform Many Lessons. It’s why I have much love for our product.
Jeff Scheidel is a technologist with 34 years in software, including 26 years in security solution design. He is the author of numerous white papers on security and regulatory compliance, as well as a McGraw-Hill book on identity, access, database, and application protection. Jeff is an expert on compliance requirements across a number of industries, and has presented at a wide variety of security events.